Posted
by
samzenpus
on Thursday April 18, 2013 @10:05PM
from the patching-things-up dept.

wiredmikey writes "Oracle released its quarterly Critical Patch Update (CPU) for April, which addressed a whopping 128 security issues across multiple product families. As part of its update, Oracle released a Java SE Critical Patch Update to plug 42 security holes in Java, 19 with base CVE score of 10 (the highest you can go) and 39 related to the Java Web Start plugin which can be remotely exploited without authentication. According to security analyst Wade Williamson, organizations need to realize that Java will continue to pose a significant risk. 'The first step is for an organization to understand precisely where and why Java is needed,' Williamson wrote. 'Based on the rate of newly discovered vulnerabilities, security teams should assume that Java is and will continue to be vulnerable.' Organizations should to take a long, hard look at Java and answer for themselves if it's worth it, Williamson added. Due to the threat posed by a successful attack, Oracle is strongly recommending that organizations apply the security fixes as soon as possible."

Yeah!
Its also used for terribly engineered front end software and to slow down the most powerful supercomputer to a crawl because the guys that used it were too lazy to learn c++ and proper coding.
Oh... developed for Object Oriented Programming you say? Well hell yeah... it only take 15 lines of code to say "Hello World!"
WWWWEEEEEEEEEEEEEEE!!!!!

Every time they release one of these my companies IT department insists on the new version being mandatory and installs it on every PC without any testing.

This then breaks one (or more) of our externally provided and supported, business critical, small user base, Java client/server systems. After a few days of frantic phone calls and manual un-installs of the new Java version (which have to be done by IT support due to security lockdown remoting into PCs, after senior signoff) we have to keep doing to combat the overnight updates) we end up with an emergency change to install a very alpha version of the client/server system.

The updated client is normally so full of bugs that it gets several further emergency updates over the next 3 months and is just about stable and almost bug free in time for Oracle to release another patch...